CVE-2016-7405

Опубликовано: 03 окт. 2016

Источник: debian

Описание

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libphp-adodb	fixed	5.20.6-1		package
libphp-adodb	fixed	5.15-1+deb8u1	jessie	package

Примечания

https://github.com/ADOdb/ADOdb/issues/226
https://github.com/ADOdb/ADOdb/commit/bd9eca9
Issue only with the PDO driver and only if queries built by inlining
the quoted string (not recommended).
https://www.openwall.com/lists/oss-security/2016/09/07/8

Связанные уязвимости

CVE-2016-7405

CVSS3: 9.8

ubuntu

больше 8 лет назад

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

CVE-2016-7405

CVSS3: 9.8

nvd

больше 8 лет назад

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

ROS-20240702-05

CVSS3: 9.8

redos

12 месяцев назад

Уязвимость php-adodb

GHSA-3fj4-q72x-x2g9

CVSS3: 9.8

github

около 3 лет назад

ADOdb Library SQL Injection